3a28f5384a78d7e7e83b1f8ec1faa472e9ffbd88767e8b2bb1471acb15cab228 | Triage

Sharing

General

Target

3a28f5384a78d7e7e83b1f8ec1faa472e9ffbd88767e8b2bb1471acb15cab228
Size

224KB
Sample

221030-yxgjwaghf8
MD5

9097255f691e81c97c8b20b3a92861b7
SHA1

5ca14ed35675369fff01f542fc84193bb15186ea
SHA256

3a28f5384a78d7e7e83b1f8ec1faa472e9ffbd88767e8b2bb1471acb15cab228
SHA512

49508683f7d668e51802df9dd962a04f7900631a31e8eac80d6c295869422fdf0308242b452de9200a36a7b35c8fb9e0c1d135bc0fdf009d7d823ea4e6e77ebe
SSDEEP

3072:5XyqNsMoBuDZVpl2mclbj4Uvx+8ysNOu+2eRcKksU61JkkX39RLrw4ySKUbax2+l:YqN5Tp4LnbmlrZW

Score

10^/10

evasion persistence

Malware Config

Targets

- Target
  
  3a28f5384a78d7e7e83b1f8ec1faa472e9ffbd88767e8b2bb1471acb15cab228
- Size
  
  224KB
- MD5
  
  9097255f691e81c97c8b20b3a92861b7
- SHA1
  
  5ca14ed35675369fff01f542fc84193bb15186ea
- SHA256
  
  3a28f5384a78d7e7e83b1f8ec1faa472e9ffbd88767e8b2bb1471acb15cab228
- SHA512
  
  49508683f7d668e51802df9dd962a04f7900631a31e8eac80d6c295869422fdf0308242b452de9200a36a7b35c8fb9e0c1d135bc0fdf009d7d823ea4e6e77ebe
- SSDEEP
  
  3072:5XyqNsMoBuDZVpl2mclbj4Uvx+8ysNOu+2eRcKksU61JkkX39RLrw4ySKUbax2+l:YqN5Tp4LnbmlrZW
Score

10^/10

evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence